-rw-r--r-- | src/eyefiworker.cc | 135 | ||||
-rw-r--r-- | src/eyefiworker.h | 19 | ||||
-rw-r--r-- | src/eyetil.cc | 4 | ||||
-rw-r--r-- | src/eyetil.h | 2 |
4 files changed, 90 insertions, 70 deletions
diff --git a/src/eyefiworker.cc b/src/eyefiworker.cc index 645069e..597a3f2 100644 --- a/src/eyefiworker.cc +++ b/src/eyefiworker.cc @@ -13,55 +13,66 @@ #include <autosprintf.h> #include "eyekinfig.h" #include "eyetil.h" #include "eyefiworker.h" #ifdef HAVE_SQLITE # include "iiidb.h" #endif eyefiworker::eyefiworker() : eyefiService(SOAP_IO_STORE|SOAP_IO_KEEPALIVE) { bind_flags = SO_REUSEADDR; max_keep_alive = 0; socket_flags = #if defined(MSG_NOSIGNAL) MSG_NOSIGNAL #elif defined(SO_NOSIGPIPE) SO_NOSIGPIPE #else #error Something is wrong with sigpipe prevention on the platform #endif ; #ifdef HAVE_SQLITE sqlite3_initialize(); #endif } -eyefiworker::~eyefiworker() { + +static void *fmimewriteopen_(struct soap *soap, + void *handle, const char *id, const char *type, const char *description, + enum soap_mime_encoding encoding) { + return static_cast<eyefiworker*>(soap)->mime_writeopen(handle,id,type,description,encoding); +} +static int fmimewrite_(struct soap *soap,void *handle,const char *buf,size_t len) { + return static_cast<eyefiworker*>(soap)->mime_write(handle,buf,len); +} +static void fmimewriteclose_(struct soap *soap,void *handle) { + static_cast<eyefiworker*>(soap)->mime_writeclose(handle); } int eyefiworker::run(int bindport) { if(!soap_valid_socket(bind(0,bindport,64))) throw std::runtime_error("failed to bind()"); signal(SIGCHLD,SIG_IGN); + fmimewriteopen=fmimewriteopen_; fmimewrite=fmimewrite_; fmimewriteclose=fmimewriteclose_; while(true) { if(!soap_valid_socket(accept())) throw std::runtime_error("failed to accept()"); pid_t p = fork(); if(p<0) throw std::runtime_error("failed to fork()"); if(!p) { recv_timeout = 600; send_timeout = 120; (void)serve(); soap_destroy(this); soap_end(this); soap_done(this); #ifndef NDEBUG struct rusage ru; if(getrusage(RUSAGE_SELF,&ru)) { syslog(LOG_NOTICE,"Failed to getrusage(): %d",errno); }else{ syslog(LOG_INFO,"maxrss: %ld\n",ru.ru_maxrss); } #endif /* NDEBUG */ throw throwable_exit(0); } close(socket); socket = SOAP_INVALID_SOCKET; } } static binary_t session_nonce; @@ -89,248 +100,240 @@ static bool detached_child() { if(!p) { setsid(); for(int i=getdtablesize();i>=0;--i) close(i); int i=open("/dev/null",O_RDWR); assert(i==0); i = dup(i); assert(i==1); i = dup(i); assert(i==2); return true; } return false; } static int E(eyefiworker* efs,const char *c,const std::exception& e) { efs->keep_alive=0; syslog(LOG_ERR,"error while processing %s: %s",c,e.what()); return soap_sender_fault(efs,gnu::autosprintf("error processing %s",c),0); } int eyefiworker::StartSession( std::string macaddress,std::string cnonce, int transfermode,long transfermodetimestamp, struct rns__StartSessionResponse &r ) try { syslog(LOG_INFO, "StartSession request from %s with cnonce=%s, transfermode=%d, transfermodetimestamp=%ld", macaddress.c_str(), cnonce.c_str(), transfermode, transfermodetimestamp ); - eyekinfig_t eyekinfig(macaddress); - r.credential = binary_t(macaddress+cnonce+eyekinfig.get_upload_key()).md5().hex(); + kinfig.reset(new eyekinfig_t(macaddress)); + umask(kinfig->get_umask()); + + r.credential = binary_t(macaddress+cnonce+kinfig->get_upload_key()).md5().hex(); r.snonce = session_nonce.make_nonce().hex(); r.transfermode=transfermode; r.transfermodetimestamp=transfermodetimestamp; r.upsyncallowed=false; - std::string cmd = eyekinfig.get_on_start_session(); + std::string cmd = kinfig->get_on_start_session(); if(!cmd.empty()) { if(detached_child()) { putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) ); putenv( gnu::autosprintf("EYEFI_TRANSFERMODE=%d",transfermode) ); putenv( gnu::autosprintf("EYEFI_TRANSFERMODETIMESTAMP=%ld",transfermodetimestamp) ); char *argv[] = { (char*)"/bin/sh", (char*)"-c", (char*)cmd.c_str(), 0 }; execv("/bin/sh",argv); syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str()); _exit(-1); } } return SOAP_OK; }catch(const std::exception& e) { return E(this,"StartSession",e); } int eyefiworker::GetPhotoStatus( std::string credential, std::string macaddress, std::string filename, long filesize, std::string filesignature, int flags, struct rns__GetPhotoStatusResponse &r ) try { syslog(LOG_INFO, "GetPhotoStatus request from %s with credential=%s, filename=%s, filesize=%ld, filesignature=%s, flags=%d; session nonce=%s", macaddress.c_str(), credential.c_str(), filename.c_str(), filesize, filesignature.c_str(), flags, session_nonce.hex().c_str() ); - eyekinfig_t eyekinfig(macaddress); - std::string computed_credential = binary_t(macaddress+eyekinfig.get_upload_key()+session_nonce.hex()).md5().hex(); + if(!(kinfig && kinfig->macaddress==macaddress)) + throw std::runtime_error("I'm not talking to this peer"); + + std::string computed_credential = binary_t(macaddress+kinfig->get_upload_key()+session_nonce.hex()).md5().hex(); #ifndef NDEBUG syslog(LOG_DEBUG, " computed credential=%s", computed_credential.c_str()); #endif if (credential != computed_credential) throw std::runtime_error("card authentication failed"); + indir.reset(new tmpdir_t(kinfig->get_targetdir()+"/.incoming.XXXXXX")); + #ifdef HAVE_SQLITE - iiidb_t D(eyekinfig); + iiidb_t D(*kinfig); seclude::stmt_t S = D.prepare( "SELECT fileid FROM photo" " WHERE mac=:mac AND filename=:filename" " AND filesize=:filesize AND filesignature=:filesignature" ).bind(":mac",macaddress) .bind(":filename",filename).bind(":filesize",filesize) .bind(":filesignature",filesignature); if(!S.step()) { r.fileid = 1; r.offset = 0; }else{ r.fileid = S.column<long>(0); r.offset = filesize; already.set(filename,filesignature,filesize); } #else /* HAVE_SQLITE */ r.fileid=1, r.offset=0; #endif /* HAVE_SQLITE */ return SOAP_OK; }catch(const std::exception& e) { return E(this,"GetPhotoStatus",e); } int eyefiworker::MarkLastPhotoInRoll( std::string macaddress, int mergedelta, struct rns__MarkLastPhotoInRollResponse&/* r */ ) try { syslog(LOG_INFO, "MarkLastPhotoInRoll request from %s with mergedelta=%d", macaddress.c_str(), mergedelta ); - std::string cmd = eyekinfig_t(macaddress).get_on_mark_last_photo_in_roll(); + if(!(kinfig && kinfig->macaddress==macaddress)) + throw std::runtime_error("I'm not talking to this peer"); + + std::string cmd = kinfig->get_on_mark_last_photo_in_roll(); if(!cmd.empty()) { if(detached_child()) { putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) ); putenv( gnu::autosprintf("EYEFI_MERGEDELTA=%d",mergedelta) ); char *argv[] = { (char*)"/bin/sh", (char*)"-c", (char*)cmd.c_str(), 0 }; execv("/bin/sh",argv); syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str()); _exit(-1); } } keep_alive = 0; return SOAP_OK; }catch(const std::exception& e) { return E(this,"MarkLastPhotoInRoll",e); } +void *eyefiworker::mime_writeopen(void *handle,const char *id,const char *type,const char *description, + enum soap_mime_encoding encoding) { + if(!id) return NULL; + if(!strcmp(id,"FILENAME")) { + mime_tarfile.reset(new mimewrite_tarfile(*indir)); + return mime_tarfile.get(); + }else if(!strcmp(id,"INTEGRITYDIGEST")) { + mime_idigest.reset(new mimewrite_string()); + return mime_idigest.get(); + } + return NULL; +} +int eyefiworker::mime_write(void *handle,const char *buf,size_t len) { + if(!handle) return SOAP_ERR; + return static_cast<mimewrite_base*>(handle)->write(buf,len); +} +void eyefiworker::mime_writeclose(void *handle) { + if(handle) static_cast<mimewrite_base*>(handle)->close(); +} + int eyefiworker::UploadPhoto( int fileid, std::string macaddress, std::string filename, long filesize, std::string filesignature, std::string encryption, int flags, struct rns__UploadPhotoResponse& r ) try { syslog(LOG_INFO, "UploadPhoto request from %s with fileid=%d, filename=%s, filesize=%ld," " filesignature=%s, encryption=%s, flags=%04X", macaddress.c_str(), fileid, filename.c_str(), filesize, filesignature.c_str(), encryption.c_str(), flags ); + if(!(kinfig && kinfig->macaddress==macaddress)) + throw std::runtime_error("I'm not talking to this peer"); + std::string::size_type fnl=filename.length(); if(fnl<sizeof(".tar") || strncmp(filename.c_str()+fnl-sizeof(".tar")+sizeof(""),".tar",sizeof(".tar"))) throw std::runtime_error(gnu::autosprintf("honestly, I expected the tarball coming here, not '%s'",filename.c_str())); std::string the_file(filename,0,fnl-sizeof(".tar")+sizeof("")); std::string the_log = the_file+".log"; - eyekinfig_t eyekinfig(macaddress); - - umask(eyekinfig.get_umask()); + if(!indir) throw std::runtime_error("I haven't even created a directory!"); + shared_ptr<tmpdir_t> dir; dir.swap(indir); + if(!mime_tarfile) throw std::runtime_error("I haven't written the tarball!"); + shared_ptr<mimewrite_tarfile> file; file.swap(mime_tarfile); + if(!mime_idigest) throw std::runtime_error("I haven't seen the integrity digest!"); + shared_ptr<mimewrite_string> idigest; idigest.swap(mime_idigest); - std::string td = eyekinfig.get_targetdir(); - tmpdir_t indir(td+"/.incoming.XXXXXX"); - - std::string tf,lf; - binary_t digest, idigest; #ifdef HAVE_SQLITE - bool beenthere = false; -#endif - - for(soap_multipart::iterator i=mime.begin(),ie=mime.end();i!=ie;++i) { -#ifndef NDEBUG - syslog(LOG_DEBUG, - " MIME attachment with id=%s, type=%s, size=%ld", - (*i).id, (*i).type, (long)(*i).size ); -#endif - - if((*i).id && !strcmp((*i).id,"INTEGRITYDIGEST")) { - std::string idigestr((*i).ptr,(*i).size); -#ifndef NDEBUG - syslog(LOG_DEBUG, " INTEGRITYDIGEST=%s", idigestr.c_str()); -#endif - idigest.from_hex(idigestr); - } - if( (*i).id && !strcmp((*i).id,"FILENAME") ) { - assert( (*i).type && !strcmp((*i).type,"application/x-tar") ); -#ifdef III_SAVE_TARS - std::string tarfile = indir.get_file(filename); - { - std::ofstream(tarfile.c_str(),std::ios::out|std::ios::binary).write((*i).ptr,(*i).size); - } -#endif - - if(!tf.empty()) throw std::runtime_error("already seen tarball"); - if(!digest.empty()) throw std::runtime_error("already have integrity digest"); - digest = integrity_digest((*i).ptr,(*i).size,eyekinfig.get_upload_key()); -#ifndef NDEBUG - syslog(LOG_DEBUG," computed integrity digest=%s", digest.hex().c_str()); -#endif -#ifdef HAVE_SQLITE - if(!(*i).size) { + if(!file->f.tellg()) { if(!already.is(filename,filesignature,filesize)) throw std::runtime_error("got zero-length upload for unknown file"); - beenthere = true; continue; + r.success = true; + return SOAP_OK; } #endif - tarchive_t a((*i).ptr,(*i).size); - while(a.read_next_header()) { - std::string ep = a.entry_pathname(), f = indir.get_file(ep); + if(idigest->str != file->idigest.final(kinfig->get_upload_key()).hex()) + throw std::runtime_error("Integrity digest doesn't match, disintegrating."); + + std::string tf, lf; + for(tarchive_t a(file->fn.c_str());a.read_next_header();) { + std::string ep = a.entry_pathname(), f = dir->get_file(ep); if(ep==the_file) tf = f; else if(ep==the_log) lf = f; else continue; int fd=open(f.c_str(),O_CREAT|O_WRONLY,0666); if(fd<0) throw std::runtime_error(gnu::autosprintf("failed to create output file '%s'",f.c_str())); if(!a.read_data_into_fd(fd)) throw std::runtime_error(gnu::autosprintf("failed to untar file into '%s'",f.c_str())); close(fd); } - } - } - -#ifdef HAVE_SQLITE - if(beenthere) { - r.success=true; - return SOAP_OK; - } -#endif if(tf.empty()) throw std::runtime_error("haven't seen THE file"); - if(digest!=idigest) throw std::runtime_error("integrity digest verification failed"); std::string::size_type ls = tf.rfind('/'); // XXX: actually, lack of '/' signifies error here std::string tbn = (ls==std::string::npos)?tf:tf.substr(ls+1); ls = lf.rfind('/'); std::string lbn = (ls==std::string::npos)?lf:lf.substr(ls+1); std::string ttf,tlf; bool success = false; + std::string td = kinfig->get_targetdir(); for(int i=0;i<32767;++i) { const char *fmt = i ? "%1$s/(%3$05d)%2$s" : "%1$s/%2$s"; ttf = (const char*)gnu::autosprintf(fmt,td.c_str(),tbn.c_str(),i); if(!lf.empty()) tlf = (const char*)gnu::autosprintf(fmt,td.c_str(),lbn.c_str(),i); if( (!link(tf.c_str(),ttf.c_str())) && (lf.empty() || !link(lf.c_str(),tlf.c_str())) ) { unlink(tf.c_str()); if(!lf.empty()) unlink(lf.c_str()); success=true; break; } } - std::string cmd = eyekinfig.get_on_upload_photo(); + std::string cmd = kinfig->get_on_upload_photo(); if(success) { #ifdef HAVE_SQLITE { - iiidb_t D(eyekinfig); + iiidb_t D(*kinfig); D.prepare( "INSERT INTO photo" " (ctime,mac,fileid,filename,filesize,filesignature,encryption,flags)" " VALUES" " (:ctime,:mac,:fileid,:filename,:filesize,:filesignature,:encryption,:flags)" ).bind(":ctime",time(0)) .bind(":mac",macaddress) .bind(":fileid",fileid).bind(":filename",filename) .bind(":filesize",filesize).bind(":filesignature",filesignature) .bind(":encryption",encryption).bind(":flags",flags) .step(); } #endif /* HAVE_SQLITE */ if((!cmd.empty()) && detached_child()) { putenv( gnu::autosprintf("EYEFI_UPLOADED_ORIG=%s",tbn.c_str()) ); putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) ); putenv( gnu::autosprintf("EYEFI_UPLOADED=%s",ttf.c_str()) ); if(!lf.empty()) putenv( gnu::autosprintf("EYEFI_LOG=%s",tlf.c_str()) ); char *argv[] = { (char*)"/bin/sh", (char*)"-c", (char*)cmd.c_str(), 0 }; execv("/bin/sh",argv); syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str()); _exit(-1); } } diff --git a/src/eyefiworker.h b/src/eyefiworker.h index 6cdecff..61d92d2 100644 --- a/src/eyefiworker.h +++ b/src/eyefiworker.h @@ -1,30 +1,47 @@ #ifndef __EYEFIWORKER_H #define __EYEFIWORKER_H +#include <tr1/memory> +using std::tr1::shared_ptr; + #include "soapeyefiService.h" +#include "eyekinfig.h" +#include "eyetil.h" + +struct eyefi_session; + class eyefiworker : public eyefiService { public: + shared_ptr<eyekinfig_t> kinfig; + shared_ptr<tmpdir_t> indir; + shared_ptr<mimewrite_tarfile> mime_tarfile; + shared_ptr<mimewrite_string> mime_idigest; eyefiworker(); - ~eyefiworker(); + ~eyefiworker() { } int run(int port) __attribute__ ((noreturn)); int StartSession(std::string macaddress, std::string cnonce, int transfermode, long transfermodetimestamp, struct rns__StartSessionResponse &r); int GetPhotoStatus(std::string credential, std::string macaddress, std::string filename, long filesize, std::string filesignature, int flags, struct rns__GetPhotoStatusResponse &r); int MarkLastPhotoInRoll(std::string macaddress, int mergedelta, struct rns__MarkLastPhotoInRollResponse &r); int UploadPhoto(int fileid, std::string macaddress, std::string filename, long filesize, std::string filesignature, std::string encryption, int flags, struct rns__UploadPhotoResponse &r); + void *mime_writeopen(void *handle,const char *id,const char *type,const char *description, + enum soap_mime_encoding encoding); + int mime_write(void *handle,const char *buf,size_t len); + void mime_writeclose(void *handle); + eyefiService *copy() { throw std::logic_error("Not meant to be called"); } }; #endif /* __EYEFIWORKER_H */ diff --git a/src/eyetil.cc b/src/eyetil.cc index fba8724..5bceec7 100644 --- a/src/eyetil.cc +++ b/src/eyetil.cc @@ -131,55 +131,55 @@ static void make_path_for_template(const std::string& p,mode_t m) { } } tmpdir_t::tmpdir_t(const std::string& dt) : dir(dt) { make_path_for_template(dt,0777); if(!mkdtemp((char*)dir.data())) throw std::runtime_error("failed to mkdtmp()"); } tmpdir_t::~tmpdir_t() { assert(!dir.empty()); if(rmdir(dir.c_str())) { syslog(LOG_WARNING,"Failed to remove '%s' directory",dir.c_str()); } } std::string tmpdir_t::get_file(const std::string& f) { std::string::size_type ls = f.rfind('/'); return dir+'/'+( (ls==std::string::npos) ? f : f.substr(ls+1) ); } -tarchive_t::tarchive_t(void *p,size_t s) : a(archive_read_new()), e(0) { +tarchive_t::tarchive_t(const char *fn) : a(archive_read_new()), e(0) { if(!a) throw std::runtime_error("failed to archive_read_new()"); if(archive_read_support_format_tar(a)) { archive_read_finish(a); throw std::runtime_error("failed to archive_read_support_format_tar()"); } - if(archive_read_open_memory(a,p,s)) { + if(archive_read_open_filename(a,fn,16384)) { archive_read_finish(a); throw std::runtime_error("failed to archive_read_open_memory()"); } } tarchive_t::~tarchive_t() { assert(a); archive_read_finish(a); } bool tarchive_t::read_next_header() { assert(a); return archive_read_next_header(a,&e)==ARCHIVE_OK; } std::string tarchive_t::entry_pathname() { assert(a); assert(e); return archive_entry_pathname(e); } bool tarchive_t::read_data_into_fd(int fd) { assert(a); return archive_read_data_into_fd(a,fd)==ARCHIVE_OK; } diff --git a/src/eyetil.h b/src/eyetil.h index 64948d0..8af18a4 100644 --- a/src/eyetil.h +++ b/src/eyetil.h @@ -81,49 +81,49 @@ struct integrity_digester { size_t data_size; block512_t data; integrity_digester() : data_size(0) { } void update(const void *d,size_t s); binary_t final(const std::string& ukey); }; class tmpdir_t { public: std::string dir; tmpdir_t(const std::string& dt); ~tmpdir_t(); std::string get_file(const std::string& f); }; class tarchive_t { public: struct archive *a; struct archive_entry *e; - tarchive_t(void *p,size_t s); + tarchive_t(const char *); ~tarchive_t(); bool read_next_header(); std::string entry_pathname(); bool read_data_into_fd(int fd); }; struct mimewrite_base { virtual ~mimewrite_base() { } virtual int write(const char *buf,size_t len) = 0; virtual void close() = 0; }; struct mimewrite_string : public mimewrite_base { std::string str; int write(const char *buf,size_t len) { str.append(buf,len); return SOAP_OK; }; void close() { } }; struct mimewrite_tarfile : public mimewrite_base { std::string fn; std::fstream f; integrity_digester idigest; |